Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Software Wireless Networking Technology

Logitech Will Restore Third-Party Harmony Home Automation (theverge.com) 42

After issuing a firmware update that reportedly cut off local access for Harmony Hubs, Logitech says it will offer yet another update to undo the move and restore local network control. The Verge reports: While Logitech originally defended its move to make the Harmony Hub unresponsive to third-party home automation software -- arguing that the private APIs were never meant to be used for anything except setting up the Harmony Hub for the first time, and that keeping them around meant maintaining a security hole -- Logitech has now relented, saying it's "working to provide a solution for those who still want access despite the inherent security risks involved." That solution is basically an about-face: Logitech will undo the change it made in the first place by restoring access to XMPP local controls with a new update, so that third-party home automation software like Home Assistant can see and operate the Hub over your local network. Logitech's calling it a "XMPP beta program" for now, and says it'll make the update available to all Harmony customers in January as well.
This discussion has been archived. No new comments can be posted.

Logitech Will Restore Third-Party Harmony Home Automation

Comments Filter:
  • Nonsense (Score:4, Insightful)

    by markdavis ( 642305 ) on Saturday December 22, 2018 @07:28AM (#57845456)

    >"arguing that the private APIs were never meant to be used for anything except setting up the Harmony Hub for the first time, and that keeping them around meant maintaining a security hole"

    That is just nonsense. If they only thought that then they should have:

    1) Told users exactly what they were going to do and why.
    2) Turn it off by default after the update.
    3) Put in an option in setup to turn it back on, locally only.
    4) Document how to turn it on and why/how it could be dangerous.
    5) Perhaps add filters or controls to help restrict access when it is on.

    • If they are not using it any more, then literally removing it means no longer having to support it. Your solution offers Logitech nothing, and means more work for them. I still don't think they should remove it, on the basis that people are using it and they put it in there to begin with, but I understand why they wanted to rip it out completely.

      • by tlhIngan ( 30335 )

        If they are not using it any more, then literally removing it means no longer having to support it. Your solution offers Logitech nothing, and means more work for them. I still don't think they should remove it, on the basis that people are using it and they put it in there to begin with, but I understand why they wanted to rip it out completely.

        It also removes a potential security hole - because heck, who knew if that interface was authenticated? Or perhaps the implementation has an overflow bug that lets

        • They had to have some people on staff whose job or was to figure out how people were really using their products to aid for product development (ok, really they've probably stagnated instead). Just seeing the number of people that integrate with them despite not giving an interface or having a formal partnership should make it plainly obvious. I would be a little surprised of they didn't know exactly what they were doing and had plans to launch a new product where they could officially monetize their inte

      • >"If they are not using it any more, then literally removing it means no longer having to support it. Your solution offers Logitech nothing, and means more work for them"

        But they didn't claim they removed it because it was more work for them or was difficult to support or cost them money. They just claim it was a security hole and never meant to be used like that in the first place. Which is silly- I find it impossible they didn't know lots of people were using it, it is probably all over all kinds of

      • This is the bigger issue of backward compatibility. How long should a vendor support a feature they no longer want to support simply because someone is using it?

        How much legacy code is in Linux, Windows, and every single program? The bloat, the old compatibility APIs. Sigh.

        The coding and API mistakes of the past haunt software forever. Itâ(TM)s why I donâ(TM)t blame vendors for making a major version which breaks compatibility every once in a while.

        • This is the bigger issue of backward compatibility. How long should a vendor support a feature they no longer want to support simply because someone is using it?

          If they don't want to support it, they should bring out a new version, and open source the old one. If the new version if better, then people will use it. If it isn't, then they don't need to bring out a new version, do they?

        • by DeVilla ( 4563 )
          Well, if it was billed as a home automation tool, taking away some automation functionality seems questionable. That API may not be what they meant, but it seems they discovered a market they were accidentally serving. If they are wise they will find a way to continue to serve that market, unless those are users they want to serve. But that comes with a trade-off in lost goodwill.
      • by rtb61 ( 674572 )

        Problem is, they knew exactly what people were doing with it and exactly what problems it would cause all those people and what it would cost them and well, they just did not give a fuck, there was gold in them thar hills of rejected product to buy logitech product. I would not trust them here in after. This is what they were quite willing to do to inflate their profits until they were forced to chicken out, cluck, cluck, cluck.

  • Privacy by Design? (Score:4, Interesting)

    by mrwireless ( 1056688 ) on Saturday December 22, 2018 @08:00AM (#57845510)

    Removing the ability to control a smart home device form the local network might have gone against the GDPR's "privacy by design" principle. Perhaps their legal team pointed this out?

    I suspect/hope that in the future we will see more smart devices that go beyond the "cloud-first" or "cloud-only" control schemes. It should be possible to have a smart home that never connects to the internet. Open Source home automation software like Home Assistant makes this possible.

  • The reason? (Score:4, Interesting)

    by freeze128 ( 544774 ) on Saturday December 22, 2018 @11:39AM (#57845976)
    It would be interesting to find out the exact reason that they decided to backtrack. Was it because of the sudden increase in support calls? Was it because their forum almost crashed because everyone was posting about how this sucks? Was it because of a deluge of lawsuits to their legal department?

    If we can find out what made Logitech come to their senses, maybe it can be done with other tone-deaf companies.

Time is the most valuable thing a man can spend. -- Theophrastus

Working...